Fake WindowsUpdater Ransomware

What is Fake WindowsUpdater Ransomware?

Fake WindowsUpdater Ransomware is a malicious application which, just like its predecessors, encrypts users’ files with the AES-256 encryption algorithm. Its name, we can assure you, is not random. It has been given this name because of the name WindowsUpdater.exe found in its source code. Of course, it does not really matter what its name is. The most important thing is that it has all the features of a typical ransomware infection, i.e. it finds users’ valuable files after the successful entrance, encrypts them all, and then opens a ransom note. At the time of writing, the C&C server (http://ganedata.co.uk/ransomware/ransomware.php) of this ransomware infection is already dead, which suggests that it is no longer active. Unfortunately, there are no guarantees that this infection will not be fixed in the near future and thus will not start encrypting users’ files again, so do not be so sure that you will not encounter it. Most probably, you are reading this article because you have already detected Fake WindowsUpdater Ransomware on your computer. If we are right here, delete this computer infection from your system no matter it has encrypted your files or not, i.e. no matter you have encountered a working version of this threat or not.

What does Fake WindowsUpdater Ransomware do?

Although Fake WindowsUpdater Ransomware is a brand new ransomware-type infection, it does not differ at all from older ransomware infections. As you should already know after reading the first paragraph, it enters computers illegally and then encrypts all kinds of files, including pictures, music, videos, and documents. It will become immediately clear for you which of your files have been locked because a new extension .encrypted will be appended to the encrypted data. Fortunately, this infection does not seek to ruin your Windows OS, so %WINDIR% files will be left as they are. Unfortunately, there is not much you can do about these encrypted files. To be frank, you have only two options: 1) send a ransom of 0.2 BTC (~25 USD) to 3BsyRz2sdvXcWRaycPoizEH5hAbDmWcpNE (BTC address) and then write an email to ransomwareinc@yopmail.com to get the decryption key or 2) go to recover files without the special decryptor. We cannot guarantee that you could recover those encrypted files yourself because you need to have a backup of files in order to do that. In other words, you could not recover them if copies of your personal files do not exist anywhere. Unfortunately, nobody knows whether cyber criminals will send you the decryption tool after receiving your money too. In addition, you should be aware of the fact that paying the required money to the author of Fake WindowsUpdater Ransomware will not disable this ransomware-type infection, meaning that it will be left working on your system.

Where does Fake WindowsUpdater Ransomware come from?

Specialists say that there are three main methods used to distribute Fake WindowsUpdater Ransomware. First, exploit kits might be used to spread this computer infection. Second, it might be dropped on users’ computers by Trojans. Last but not least, users might allow it to enter their computers by opening attachments from spam emails. Yes, spam email campaigns distribute this ransomware too. Once this infection is inside the system, it starts working right from the place of execution. Luckily, it does not create copies of itself, and does not make any serious modifications on the system. As you should have already understood, ransomware-type infections are not so easy to prevent from entering the system. Because of this, a security application must be installed and enabled on users’ computers. It will make sure that malicious software has no possibility of entering the system.

How to delete Fake WindowsUpdater Ransomware

You cannot unlock files by deleting Fake WindowsUpdater Ransomware from your computer, but it is still a must to do that no matter you have paid a ransom or not. First, close the window opened by ransomware on your Desktop and then delete the malicious file launched. If it is not deleted, you might launch it again by accident and get your files encrypted again. We are sure that you do not want this to happen, so we highly recommend going to get rid of this infection as soon as possible. Without a doubt, this can also be done automatically with an automatic tool, such as SpyHunter, so if you cannot find the malicious file or simply do not have time for searching it, perform a system scan with an automatic malware remover.

Fake WindowsUpdater Ransomware manual removal guide

Close the window with a ransom note by clicking X.

Delete the malicious file launched recently (it should be located on Desktop or in the Downloads folder).

0 Comments.

I have been involved with computer security ever since I started using computers and surfing the World Wide Web, and I like to think that, over many years, I have gained valuable experience, working with all types of infectious threats, on all kind of infected machines. My area of expertise is malware, its research and analysis, and I can spend hours investigating latest computer infections, so that PC users would be informed about the latest malicious applications and all sorts of threats that can infiltrate their computers, compromising multiple computer systems. I have joined AntiSpyware 101 to share my knowledge and provide PC users with latest malware research information and essential system news.My Google Profile+